Bug#770171: sshd jail fails when system solely relies on systemd journal for logging

2021-08-25 Thread von Obernitz, Daniel
Hi,

in Debian 11 with f2b version 0.11.2-2 the issue with "journalmatch" seems to 
be fixed, but now the filter is wrong.

/etc/fail2ban/filter.d/sshd.conf

# consider failed publickey for invalid users only:

cmnfailre-failed-pub-invalid = ^Failed publickey for invalid user <F-USER>(?P<cond_user>\S+)|(?:(?! from ).)*?</F-USER> from <HOST>%(__on_port_opt)s(?: ssh\d*)?(?(cond_user): |(?:(?:(?! from ).)*)$)

The log output in systemd does not match; the regex has to be changed to 
something like:

cmnfailre-failed-pub-invalid = ^Failed publickey for <F-USER>(?P<cond_user>\S+)|(?:(?! from ).)*?</F-USER> from <HOST>%(__on_port_opt)s(?: ssh\d*)?(?(cond_user): |(?:(?:(?! from ).)*)$)


Daniel
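
The mismatch reported in the message above can be reproduced offline. The following is an added example, not part of the original mail and not fail2ban's own code: it expands the two failregex variants into plain Python regexes and runs them over constructed sshd messages. The `HOST` and `ON_PORT_OPT` patterns are simplified stand-ins (assumptions) for what fail2ban substitutes, and the helper names are hypothetical.

```python
import re

# Simplified stand-ins (assumptions) for what fail2ban substitutes at load time.
HOST = r"(?P<host>\d{1,3}(?:\.\d{1,3}){3})"      # <HOST>, IPv4 only here
ON_PORT_OPT = r"(?: (?:port \d+|on \S+)){0,2}"   # %(__on_port_opt)s

# Common tail of both variants, written with fail2ban's filter tags.
TAIL = (r"<F-USER>(?P<cond_user>\S+)|(?:(?! from ).)*?</F-USER> from <HOST>"
        r"%(__on_port_opt)s(?: ssh\d*)?(?(cond_user): |(?:(?:(?! from ).)*)$)")
SHIPPED = r"^Failed publickey for invalid user " + TAIL   # filter as quoted
PROPOSED = r"^Failed publickey for " + TAIL               # suggested change


def compile_failregex(raw):
    """Expand the fail2ban tags used above into a plain Python regex."""
    expanded = (raw.replace("<F-USER>", "(?P<user>")
                   .replace("</F-USER>", ")")
                   .replace("<HOST>", HOST)
                   .replace("%(__on_port_opt)s", ON_PORT_OPT))
    return re.compile(expanded)


def evaluate(raw, messages):
    """Return {message: (user, host) or None} for one failregex."""
    rx = compile_failregex(raw)
    out = {}
    for msg in messages:
        m = rx.search(msg)
        out[msg] = (m.group("user"), m.group("host")) if m else None
    return out


# Constructed sshd messages (the text that follows the "sshd[pid]: " prefix).
VALID_USER = "Failed publickey for root from 192.0.2.10 port 51234 ssh2: RSA SHA256:EXAMPLE"
INVALID_USER = "Failed publickey for invalid user admin from 192.0.2.10 port 51234 ssh2: RSA SHA256:EXAMPLE"
ACCEPTED = "Accepted publickey for root from 192.0.2.10 port 51234 ssh2: RSA SHA256:EXAMPLE"
SAMPLES = [VALID_USER, INVALID_USER, ACCEPTED]

if __name__ == "__main__":
    for name, raw in (("shipped", SHIPPED), ("proposed", PROPOSED)):
        for msg, hit in evaluate(raw, SAMPLES).items():
            print(f"{name:9} {'MATCH' if hit else 'miss ':5} {msg}")
```

On a real host, `fail2ban-regex` performs the same comparison against the installed filter and the actual journal entries.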



Bug#962451: auditd: Timeout during first start when auditd is installed

2020-09-14 Thread von Obernitz, Daniel
Dear maintainer,

I can confirm this bug and want to add that the timeouts also happen randomly 
at restarts of the service.

Best regards
Daniel
